today's leftovers

• Bernd Rodler: Real Innovation And Progress Happen Beyond Big Tech (Part I ) – Interview

  In 1991, Linus Torvalds started this fantastic Linux project and prior to that, Richard Stallman came up with the idea of GPL, the general public license. Thus, a new model to deliver software code in an open and transparent manner came into existence. Stallman can be quoted with the famous phrase: „If you think about open source, think free as in free speech, not free beer.“ After GPL and the first Linux kernels gained ground, more and more open source based business software was developed.

• RISC-V needs more than an open architecture to compete

  Interviews with chip company CEOs are invariably enlightening. On top of the usual market-related subjects of success and failure, revenues and competition, plans and pitfalls, the highly paid victim knows that there's a large audience of unusually competent critics eager for technical details. That's you.

• How To Install Glances on Ubuntu 22.04 LTS - idroot

  In this tutorial, we will show you how to install Glances on Ubuntu 22.04 LTS. For those of you who didn’t know, Glances is a cross-platform system monitoring tool written in Python. It displays a myriad of system statistics on the terminal or console and even includes a web mode that allows you to monitor your system on a web browser. This is a better alternative to the top and htop monitoring tools. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Glances system monitoring on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

• Chrome OS 101: Dark boot screen added, new Launcher starts appearing, more [Ed: Still vastly worse than proper distros of GNU/Linux in terms of features]

Thunderbird’s donation-driven revenue rose 21% in 2021

The Thunderbird team published the financial report of 2021 for the Thunderbird project last month. Revenue rose by 21% in 2021 to $2.796 million when compared to the $2.3 million the project earned in 2020.

Security Leftovers

• New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux [Ed: Cautioning people not to download random junk and then execute it; not a problem in the OS per se]

  We reported these findings to the PyPI registry shortly after catching and analyzing the package and the malicious package was taken down yesterday, just before reaching ~300 downloads.

• Tesla, Microsoft and Ubuntu bugs found during Pwn2Own hacking competition - The Record by Recorded Future

  Several bugs in Microsoft, Ubuntu and Tesla products were found and exploited during the three-day Pwn2Own hacking conference in Vancouver this week. The conference – organized by Trend Micro’s Zero Day Initiative – gives hackers a chance to earn money in exchange for discovering and exploiting vulnerabilities in popular products. By the end of day two on Thursday, the conference had paid out $945,000 in rewards, including $75,000 to hackers with offensive security company Synacktiv for two unique bugs found in the Tesla Model 3 Infotainment System.

• US won’t prosecute ‘good faith’ security researchers • The Register

  The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing. Good-faith, according to the policy [PDF], means using a computer "solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability." Additionally, this activity must be "carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services."

• Tech’s big names team up to launch $30m open source software security plan